<?php 
 
$id = $_POST[ 'id' ];
$id = mysql_real_escape_string( $id );
//$id = addslashes( $id );

// Check database
$query  = "SELECT name FROM users WHERE user_id = $id;";
$result = mysql_query( $query ) or die(mysql_error() );

============
foreach(array('_COOKIE', '_POST', '_GET') as $_request) {
	foreach($$_request as $_key => $_value) { 
	        $_key{0} != '_' && $$_key = daddslashes($_value,0,0,1);
	        $_M['form'][$_key] = daddslashes($_value,0,0,1);
	} 
}


=================

$pseudo_url=$_SERVER[REQUEST_URI];
$dirs=explode('/',$pseudo_url);
$dir_dirname=$dirs[count($dirs)-2];
$query="select * from setting where name='$dir_dirname'";
$jump=$db->get_one($query);

============
$pseudo_url= daddslashes ($_POST[‘url’]);
$ dir_dirname =urldecode($pseudo_url);
// $ dir_dirname =base64_decode($pseudo_url);
// $ dir_dirname =stripslashes($pseudo_url);
$query="select * from setting where name='$dir_dirname'";
$jump=$db->get_one($query);


==========

$upfile = $_FILES['file']['name'];
$file_suffix = strtolower(substr($upfile, strrpos($upfile, '.')+1));
$not_allow_ext = array( "php", "phps", "php3", "exe", "bat" );
if (in_array($file_suffix, $not_allow_ext )){die( " File type error.. ");
}


==========
$content = $_POST['content']; 
$filename = $_POST['filename']; 
if(preg_match('/.+\.ph(p[3457]?|t|tml)$/i', $filename)){
	die("Bad file extension");
}else{
	$f = fopen($filename, ‘w’);
	fwrite($f, $content);}


==========
$mysqli->query("set names utf8");
$username = addslashes($_GET['username']);
if ($username == "admin"){
    die("not loing use admin");
}
$sql = "SELECT * FROM `users` WHERE user='{$username}'";


?>